The vmalloc address space is managed with a resource map allocator[#!vahalia96!#]. The struct vm_struct is responsible for storing the base,size pairs. It is defined in include/linux/vmalloc.h as
14 struct vm_struct { 15 unsigned long flags; 16 void * addr; 17 unsigned long size; 18 struct vm_struct * next; 19 };
As is clear, the areas are linked together via the next field and area ordered by address for easy searches. Each area is separated by at least one page to protect against overruns. This is illustrated by the gaps in 7.2
When the kernel wishes to allocate a new area, the vm_struct list is searched literally by the function get_vm_area(). Space for the struct is allocated with kmalloc(). When the virtual area is used for ioremapping, this function will be called directly to map the requested area.